ffsend [WIP]

Easily and securely share files from the command line.
A fully featured Firefox Send client.

Easily and securely share files and directories from the command line through a
safe, private and encrypted link using a single simple command.
Files are shared using the Send service and may be up
to 2GB. Others are able to download these files with this tool, or through
their web browser.

All files are always encrypted on the client, and secrets are never shared with
the remote host. An optional password may be specified, and a default file
lifetime of 1 (up to 20) download or 24 hours is enforced to ensure your stuff
does not remain online forever.
This provides a secure platform to share your files.
Find out more about security here.

Compile features / use flags

Different use flags are available for ffsend to toggle whether to include
various features.
The following features are available, some of which are enabled by default:

Feature

Enabled

Description

send2

Default

Support for Firefox Send v2 servers

send3

Default

Support for Firefox Send v3 servers

clipboard

Default

Support for copying links to the clipboard

history

Default

Support for tracking files in history

archive

Default

Support for archiving and extracting uploads and downloads

qrcode

Default

Support for rendering a QR code for a share URL

urlshorten

Default

Support for shortening share URLs

infer-command

Default

Support for inferring subcommand based on binary name

no-color

Compile without color support in error and help messages

To enable features during building or installation, specify them with
--features <features...> when using cargo.
You may want to disable default features first using
--no-default-features.
Here are some examples:

# Defaults set of features with no-color, one of
cargo install --features no-color
cargo build --release --features no-color
# None of the features
cargo install --no-default-features
# Only history and clipboard support
cargo install --no-default--features --features history,clipboard

For Windows systems it is recommended to provide the no-color flag, as color
support in Windows terminals is flaky.

Configuration and environment

The following environment variables may be used to configure the following
defaults. The CLI flag is shown along with it, to better describe the relation
to command line arguments:

Variable

CLI flag

Description

FFSEND_HISTORY

--history <FILE>

History file path

FFSEND_HOST

--host <URL>

Upload host

FFSEND_TIMEOUT

--timeout<SECONDS>

Request timeout (0 to disable)

FFSEND_TRANSFER_TIMEOUT

--transfer-timeout<SECONDS>

Transfer timeout (0 to disable)

FFSEND_API

--api <VERSION>

Server API version, - to lookup

FFSEND_BASIC_AUTH

--basic-auth <USER:PASSWORD>

Basic HTTP authentication credentials to use.

These environment variables may be used to toggle a flag, simply by making them
available. The actual value of these variables is ignored, and variables may be
empty.

Variable

CLI flag

Description

FFSEND_FORCE

--force

Force operations

FFSEND_NO_INTERACT

--no-interact

No interaction for prompts

FFSEND_YES

--yes

Assume yes for prompts

FFSEND_INCOGNITO

--incognito

Incognito mode, don't use history

FFSEND_OPEN

--open

Open share link of uploaded file

FFSEND_ARCHIVE

--archive

Archive files uploaded

FFSEND_EXTRACT

--extract

Extract files downloaded

FFSEND_COPY

--copy

Copy share link to clipboard

FFSEND_COPY_CMD

--copy-cmd

Copy download command to clipboard

FFSEND_QUIET

--quiet

Log quiet information

FFSEND_VERBOSE

--verbose

Log verbose information

At this time, no configuration or dotfile file support is available.
This will be something added in a later release.

Binary for each subcommand: ffput, ffget

ffsend supports having a separate binaries for single subcommands, such as
having ffput and ffget just for to upload and download using ffsend.
This allows simple and direct commands like:

You can use the following methods to set up these single-command binaries:

Create a properly named symbolic link (recommended)

Create a properly named hard link

Clone the ffsend binary, and rename it

On Linux and macOS you can use the following command to set up symbolic links in
the current directory:

ln -s$(which ffsend) ./ffputln -s$(which ffsend) ./ffget

Support for this feature is only available when ffsend is compiled with the
infer-command feature flag.
This is usually enabled by default.
To verify support is available with an existing installation, make sure the
feature is listed when invoking ffsend debug.

Note that the snap package does currently not support this due to how this
package format works.

Security

In short; the ffsend tool and the Send service can be considered
secure, and may be used to share sensitive files. Note though that the
created share link for an upload will allow anyone to download the file.
Make sure you don't share this link with unauthorized people.

For more detailed information on encryption, please read the rest of the
paragraphs in this security section.

Note: even though the encryption method is considered secure, this ffsend
tool does not provide any warranty in any way, shape or form for files that
somehow got decrypted without proper authorization.

Client side encryption

ffsend uses client side encryption, to ensure your files are securely
encrypted before they are uploaded to the remote host. This makes it impossible
for third parties to decrypt your file without having the secret (encryption
key). The file and its metadata are encrypted using 128-bit AES-GCM, and a
HMACSHA-256 signing key is used for request authentication.
This is consistent with the encryption documentation provided by the
Send service, ffsend is a tool for.

A detailed list on the encryption/decryption steps, and on what encryption is
exactly used can be found here in the official service
documentation.

Note on share link security

The encryption secret, that is used to decrypt the file when downloading,
is included in the share URL behind the # (hash). This secret is never sent
the remote server directly when using the share link in your browser.
It would be possible however for a webpage to load some malicious JavaScript
snippet that eventually steals the secret from the link once the page is loaded.
Although this scenario is extremely unlikely, there are some options to prevent
this from happening:

Only use this ffsend tool, do not use the share link in your browser.

Add additional protection by specifying a password using --password while
uploading, or using the password subcommand afterwards.